Palo Alto Networks and Google Cloud are tackling the thorny issue of network security in cloud environments with a jointly developed managed service that is built on Palo Alto’s machine learning-powered threat detection capabilities.
The companies, which have worked together on cloud and security solutions since 2018, this week introduced the Cloud Intrusion Detection Service (IDS), which was a year in the making and will be offered as a Google Cloud service. It currently is available in preview. Cloud IDS is a way to address a range of limitations in current network threat detection options that have hampered enterprise Security Operations Centers, according to Palo Alto officials.
Those issues include limitations in threat coverage, complex designs and implementation processes, and the inability to automatically scale, Muninder Singh Sambi, senior vice president of product management at Palo Alto, wrote in a blog post.
With Cloud IDS, “cloud security teams can get granular application-level visibility of traffic within a VPC [virtual private cloud] – between subnets, specific workload instances, or container pods – wherever inspection is required to secure applications and address compliance or regulatory requirements,” Sambi wrote. “As a native Google Cloud service, Cloud IDS deploys rapidly to provide high performance and high availability. No need to worry about throughput needs. No need to worry about auto-scalability and bursting events.”
The Cloud Keeps Growing
Cloud IDS comes as enterprises, which already had been making their way into the cloud for years, speed up their adoption of hybrid cloud strategies, embracing multiple public clouds while retaining some applications and data on premises. That trend has only accelerated since the onset of the COVID-19 pandemic last year. According to Synergy Research Group, global spending on cloud infrastructure services in the first quarter hit more than $39 billion, a 37 percent year-over-year increase.
Given the ongoing migration to the cloud and the increasingly distributed nature of work and IT, a service like IDS makes sense, according to Zeus Kerravala, principal analyst with ZK Research. The days of workers, applications and data residing on premises behind a firewalled perimeter are over.
“Right now, we live in a much more fluid world where we don’t really know where our data is, where our users are,” Kerravala told Enterprise Networking Planet. “We don’t know where our devices are that they’re working on. So we need something that’s a lot more agile, that can adapt. When you put it in the cloud, you can do that. From a security perspective, the cloud aligns it better with the way we work today.”
The cloud has enabled workers to do more than ever, but it’s also increased the security risk because there are now more workloads, employees and data in more places, so the security has to be in the cloud as well.
“For every Yin there’s a Yang,” he said. “The cloud has had a huge impact on making us more productive, but the threat surface is just a lot bigger, [with] more threats coming from more places [and] a lot of them coming in from the cloud. This is fight fire with fire. You can’t protect cloud-based resources with on-prem resources. Those clouds do a great job of making more apps and data ubiquitously available, but so we need a security model that fits that.”
The demand for a service like Cloud IDS has been coming from enterprises, according to Google Cloud officials.
“We’ve heard time and time again that customers want an easier path to network threat detection, built into our cloud, that is easy to deploy and manage,” Shailesh Shukla, vice president and general manager of networking at Google Cloud, and Megan Yahya, product manager for network security, wrote in a blog post. “They’ve also made it clear that they need broad visibility into traffic coming into their cloud environment as well as traffic between workloads. Finally, they cannot compromise on security efficacy – the ability for the system to detect malicious activity with low false positives.”
Cloud IDS is designed not only to improve visibility into traffic flowing to and from the internet, but also to monitor east-west traffic, watching for suspicious lateral movement within the VPC environment. Organizations get a deeper view of traffic between subnets, specific workload instances and container pods. The cloud-native nature of the service also delivers such benefits as high performance, availability, and scalability.
Built on Palo Alto Technology
It’s built on Palo Alto’s Threat Prevention security service, which includes not only threat detection but other cloud-based services like DNS security, Internet of Things (IoT) security, enterprise data loss protection and advanced URL filtering. The vendor’s threat analysis engine leverages machine learning and processes more than 15 trillion transactions per day, with the information collected across Palo Alto’s worldwide network of firewalls and endpoint agents, Sambi wrote. This generates 4.3 million security updates a day. In addition, Palo Alto has its Unit 42 threat research group.
Enterprises also can create custom workflows within Google Cloud that trigger remediation actions based on alerts, and can feed the data generated by Cloud IDS into their security information and event management (SIEM) solution to investigate and correlate threats. Organizations can then respond to threats through their security orchestration, automation and response (SOAR) platform.
In the public preview of Cloud IDS, the service is integrating with such vendor offerings as Splunk’s Cloud Platform and Enterprise Platform, Exabeam’s Advanced Analytics, the Devo Platform and Palo Alto’s SOAR. It later will also integrate with Google Cloud’s Chronicle and Security Command Center.
Cloud IDS comes as the threats to cloud environments continue to grow and evolve. According to a Unit 42 report on cloud security released in April, the threat landscape expanded quickly in response to the pandemic, particularly in such industries as retail, manufacturing, and government, which saw year-over-year jumps of 205 percent to 402 percent.
The security group also identified other issues, including that 30 percent of organizations host sensitive data in the cloud without proper security controls in place.
The researchers wrote that “implementing cloud security automation tools that can perform tasks – such as auditing Infrastructure as Code (IaC) templates for security risks, scanning cloud environments for misconfigured ports and comparing cloud configurations to industry-accepted security benchmarks – go a long way toward keeping cloud workloads secure, even as they grow in size. Hiring security engineers who understand cloud-native development and can help programmers build secure applications is important, too.”
As enterprises scaled up their cloud environments in response to the pandemic, “they did not always scale up their security and governance processes at the same rate,” the researchers wrote. “The result has been an explosion in cloud security incidents across a variety of regions and industries.”